United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. 



CONFIRMATION NO. 



10/092,822 



03/06/2002 



A. Kent Sievers 



21186 7590 11/30/2005 

SCHWEGMAN, LUNDBERG, WOESSNER & KLUTH 

1600 TCF TOWER 

121 SOUTH EIGHT STREET 

MINNEAPOLIS, MN 55402 



I565.006US1 



7995 



EXAMINER 



ART UNIT 



CERVETTI, DAVID GARCIA 

3. 



PAPER NUMBER 



2136 

DATE MAILED: 1 1/30/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summarv 


Application No. 

10/092,822 


Applicant(s) 
SEVERS ET AL 


Examiner 

David G. Cervetti 


Art Unit 

2136 





„ The MAILING DA TE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I) 13 Responsive to communication(s) filed on 08 September 2005 . 
2a)E3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-26 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)03 The drawing(s) filed on 06 March 2002 is/are: a)^ accepted or b)D objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) M Notice of References Cited (PTO-892) 

2) Q Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) □ Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) □ Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Maii Date 20051118 



Application/Control Number: 10/092,822 Page 2 

Art Unit: 2136 

DETAILED ACTION 

1 . Applicant's arguments filed September 8, 2005, have been fully considered but 
they are not persuasive. 

2. Claims 1-26 are pending and have been examined. 

Response to Amendment 

3. The objection to the drawings is withdrawn. 

4. The objection to the specification is withdrawn. 

5. Examiner had taken Official Notice on the use of status flags. Status flags 
were/are used to send notifications and/or confirmations. Mitty et al. (US Patent Number 
6,199,052, hereinafter "Mitty") teach sending confirmations/notifications, thus, it would 
have been obvious to use status flags to accomplish sending notifications/confirmations. 
The outcome of a file/email validation on Mitty is sent to the create MIME body (fig 2A). 
The file Independent claims state that en email has been received directly from a 
server, according to the conventional understanding of how email works, Examiner has 
interpreted "directly" to include at least one electronic mail server interposed between 
sender and receiver (i.e. sender's email is received by an email server of the sender's 
organization, if the receiver belongs to the same email server, then the email is 
forwarded to her, if the receiver belongs to another email server, the first email server 
forwards the email to the email server at the receiver's organization, and this email 
server forwards/relays the email to the user). Using server-based anti-virus techniques 
was conventional and well known at the time the invention was made, as it was to use 
encryption (asymmetric encryption and symmetric encryption) and to decrypt content 
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prior to processing it. Furthermore, Ji etal. (US Patent Number 5,889,943, hereinafter 
Ji) teach an anti-virus application that includes decrypting techniques (columns 17-20). 
Ji teaches using routines for decrypting email messages to prepare them for scanning 
(column 17, lines 50-67). Therefore, separating/splitting the processing done by the 
system of Ji, namely, having a client receiving an email message do the decrypting and 
a server do the scanning would have been obvious in view of Ji. 

Claim Objections 

6. Claim 16 is objected to because of the following informalities: "messages is". 
Appropriate correction is required. 

Claim Rejections - 35 USC §112 

7. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

8. Claims 1, 7, 14, and 21 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

The term "directly" in these claims is a relative term which renders the claim 
indefinite. The term "directly" is not defined by the claim, the specification does not 
provide a standard for ascertaining the requisite degree, and one of ordinary skill in the 
art would not be reasonably apprised of the scope of the invention. A receiver cannot 
"directly receive" an email message from a sender since there is no direct connection 
between receiver and sender. 
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Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

10. Claims 7-8, and 10-12 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Ji. 

Regarding claim 7, Ji teaches receiving the data message from a client, wherein 
the data message was previously directly received at the client from a sender of the 
data message (column 17, lines 1-67, column 18, lines 1-67); scanning the data 
message for viruses (column 17, lines 1-67, column 18, lines 1-67); and sending a 
validation flag to the client, wherein the validation flag includes a value indicating 
whether the data message includes zero or more of the viruses (column 17, lines 1-67, 
column 18, lines 1-67). 

Regarding claim 8, Ji teaches decrypting the data message before scanning the 
data message (column 17, lines 1-67, column 18, lines 1-67). 

Regarding claim 10, Ji teaches wherein in receiving the data message, the data 
message is an email message and the client is an email client (column 17, lines 1-67, 
column 18, lines 1-67). 

Regarding claim 11, Ji teaches wherein in receiving the data message, the data 
message is received from an operating system residing on the client (column 15, lines 
1-67, column 16, lines 1-67). 
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Regarding claim 12, Ji teaches wherein in scanning the data message, a 
scanning set of executable instructions is selectively executed to scan the data 
message for zero or more of the viruses (column 17, lines 1-67, column 18, lines 1-67). 
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Claim Rejections - 35 USC § 103 

1 1 . The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

12. Claims 1-6, 9, 13-26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ji, and further in view of Mitty. 

Regarding claim 1, Ji teaches receiving the email message in a first encrypted 
format directly from a sender of the email message (column 17, lines 1-67, column 18, 
lines 1-67); decrypting contents of the email message from the first encrypted format 
(column 17, lines 1-67, column 18, lines 1-67); transferring the decrypted email 
message contents to a routine (column 17, lines 1-67, column 18, lines 1-67); and 
receiving a status flag, wherein a value associated with the status flag indicates whether 
the contents are free from a virus or are free from objectionable material as validated 
(column 17, lines 1-67, column 18, lines 1-67). Ji does not expressly disclose 
performing the validation at a remote server. However, Mitty teaches transferring an 
email message to a trusted intermediary (remote server) for validation (column 12, lines 
32-67, column 18, lines 8-38). Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to distribute the processing of 
an email message between a client and a server. One of ordinary skill in the art would 
have been motivated to do so because it was well known in the art at the time the 
invention was made to process information at a client and at a server, to perform 
antivirus authentication at a server (centralized location), and to perform other functions 
at a network node. 
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Regarding claim 2, the combination of Ji and Mitty teaches the limitations as set 
forth under claim 1 above. Furthermore, Mitty teaches encrypting the email message in 
a second encrypted format before transferring the email message to the remote server 
(column 11, lines 55-67, column 12, lines 1-26, column 18, lines 8-38). 

Regarding claim 3, the combination of Ji and Mitty teaches the limitations as set 
forth under claim 1 above. Furthermore, Ji teaches accessing the email message for 
use, if the value of the status flag indicates the remote server validated the email 
message (column 18, lines 1-67, column 19, lines 1-67). 

Regarding claim 4, the combination of Ji and Mitty teaches the limitations as set 
forth under claim 1 above. Furthermore, Mitty teaches wherein in transferring the email 
message, the first encrypted format is a Secure Multi-Purpose Internet Mail Extension 
(S/MIME) format (columns 11, lines 1-67, column 12, lines 1-67). 

Regarding claim 5, the combination of Ji and Mitty teaches the limitations as set 
forth under claim 1 above. Furthermore, Ji teaches wherein in receiving the status flag, 
if the value of the status flag indicates the remote server validated the email message, 
then subsequent accesses made to the email message do not result in the email 
message being transferred to the remote server for validation (column 18, lines 1-67, 
column 19, lines 1-67). 

Regarding claim 6, the combination of Ji and Mitty teaches the limitations as set 
forth under claim 1 above. Furthermore, Mitty teaches wherein in transferring the email 
message, the email message is streamed to the remote server (column 17, lines 15-40, 
as it is part of the formal definition for a S/MIME type email). 
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Regarding claim 9, Ji does not expressly disclose wherein in decrypting the 
data message, the data message is decrypted using a public key of the client. However, 
Mitty teaches the use of Public Key Encryption (column 1 1 , lines 55-67, column 12, 
lines 1-25). Therefore, it would have been obvious to one having ordinary skill in the art 
at the time the invention was made to use public key encryption with the system of Ji. 
One of ordinary skill in the art would have been motivated to do so because it was well 
known in the art at the time the invention was made use encryption with email 
messages and Ji discloses using any decoding algorithms at a client node (column 17, 
lines 1-67). 

Regarding claim 13, Ji does not expressly disclose wherein in receiving the data 
message, the data message is received as a data stream from the client and scanned 
as the data stream is received. However, Mitty teaches wherein in receiving the data 
message, the data message is received as a data stream from the client and scanned 
as the data stream is received (column 17, lines 15-40, as it is part of the formal 
definition for a S/MIME type email). The motivation for combining is the same as that for 
claim 9 above. 

Regarding claim 14, Ji teaches a local email set of executable instructions 
residing on a client (column 17, lines 1-67, column 18, lines 1-67); a remote validation 
set of executable instructions residing on a server (column 17, lines 1-67, column 18, 
lines 1-67); and wherein the email message is received by the local email set of 
executable instructions and received directly from a sender (column 17, lines 1-67, 
column 18, lines 1-67), decrypted (column 17, lines 1-67, column 18, lines 1-67); and a 
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validation flag associated with a result of the scan is sent to the local email set of 
executable instructions (column 17, lines 1-67, column 18, lines 1-67). Ji does not 
expressly disclose performing the validation at a remote server or streaming the email 
to a remote validation set. However, Mitty teaches transferring an email message to a 
trusted intermediary (remote server) for validation (column 12, lines 32-67, column 18, 
lines 8-38). Therefore, it would have been obvious to one having ordinary skill in the art 
at the time the invention was made to distribute the processing of an email message 
between a client and a server. One of ordinary skill in the art would have been 
motivated to do so because it was well known in the art at the time the invention was 
made to process information at a client and at a server, to perform antivirus 
authentication at a server (centralized location), and to perform other functions at a 
network node. 

Regarding claim 15, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 14 above. Furthermore, Ji teaches wherein the local email set of 
executable instructions accesses the email message if the result indicates the scan 
validated the email message (column 17, lines 1-67, column 18, lines 1-67, column 19, 
lines 1-67). 

Regarding claim 16, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 15 above. Furthermore, Ji teaches wherein the scan validates the 
email message if the email message is free of viruses (column 17, lines 1-67, column 
18, lines 1-67, column 19, lines 1-67). 
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Regarding claim 17, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 14 above. Furthermore, Ji teaches wherein the local email set of 
executable instructions removes the data message if the result indicates the scan did 
not validate the email message (column 17, lines 1-67, column 18, lines 1-67, column 
19, lines 1-67). 

Regarding claim 18, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 14 above. Furthermore, Mitty teaches wherein communications 
between the local email set of executable instructions and the remote validation set of 
executable instructions are secure (columns 1-2, column 11, lines 1-67, column 12, 
lines 1-67). 

Regarding claim 19, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 18 above. Furthermore, Mitty teaches wherein public and private 
key pairs associated with the client and the server are used to encrypt and authenticate 
the communications (column 11, lines 55-67, column 12, lines 1-25). 

Regarding claim 20, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 14 above. Furthermore, Mitty teaches wherein the email message 
includes an attachment message (column 8, lines 14-20) and wherein the email 
message is in a Secure Multi-purpose Internet Mail Extension (S/MIME) format when 
received by the local email set of executable instructions (columns 11-12). 

Regarding claim 21, Ji teaches a first encrypted format associated with content 
data of the email message (column 17, lines 1-67, column 18, lines 1-67), and wherein 
the first encrypted format is received on the email client directly from a sender of the 
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content data (column 17, lines 1-67, column 18, lines 1-67); and a server scans the 
content data for viruses (column 17, lines 1-67, column 18, lines 1-67). Ji does not 
expressly disclose performing the validation at a remote server or generating a second 
encrypted format. However, Mitty teaches wherein an email client decrypts the first 
encrypted format to render the content data (column 12, lines 32-67, column 18, lines 8- 
38), a second encrypted format associated with the content data, wherein the email 
client generates the second encrypted format, and wherein the email client transfers the 
second encrypted format to a remote server where the content data is rendered by the 
remote server by decrypting the second encrypted format (column 12, lines 32-67, 
column 18, lines 8-38). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to distribute the processing of an email 
message between a client and a server. One of ordinary skill in the art would have been 
motivated to do so because it was well known in the art at the time the invention was 
made to process information at a client and at a server, to perform antivirus 
authentication at a server (centralized location), and to perform other functions at a 
network node. 

Regarding claim 22, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 21 above. Furthermore, Ji teaches wherein a validation flag 
indicating whether zero or more of the viruses are detected in the content data is 
generated by the remote server and sent to the email client (column 17, lines 1-67, 
column 18, lines 1-67). 
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Regarding claim 23, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 21 above. Furthermore, Mitty teaches wherein the first encrypted 
format is a Secure Multi-Purpose Internet Mail Extension (S/MIME) format (column 11, 
lines 1-67, column 12, lines 1-67). 

Regarding claim 24, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 21 above. Furthermore, Mitty teaches using the recipient's public 
key and RSA-encryption and the combination of symmetrically-encrypted contents and 
publicly-encrypted key are combined to form the envelopedData structure (column 11, 
lines 1-67, column 12, lines 1-25). Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to encrypt data by using a 
private key for a sender and a public key a remote server. One of ordinary skill in the art 
would have been motivated to do so because it was well known in the art at the time the 
invention was made to use Public Key Cryptography to encrypt email messages. 

Regarding claim 25, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 21 above. Furthermore, Ji teaches wherein the email client 
accesses the content data for use when the remote server detects no viruses (column 
17, lines 1-67, column 18, lines 1-67, column 19, lines 1-67). 

Regarding claim 26, the combination of Ji and Mitty teaches the limitations as 
set forth under claim 21 above. Furthermore, Ji teaches wherein the content data 
includes text data and attachment data (column 19, lines 1-67, column 20, lines 1-67) 
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Conclusion 

13. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

14. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. |n no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 

16. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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17. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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